Exploring Policy Group Check Items

Function

This API is used to query the check item list of a specified policy group.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

GET /v5/{project_id}/baseline/risk-config/check-rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.
offset	Yes	Integer	Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value N/A
limit	Yes	Integer	Definition Number of records displayed on each page. Constraints N/A Range Value range: 10 to 200 Default Value 10
check_type	No	String	Definition Configuration check baseline name, for example, SSH, CentOS 7, or Windows. Constraints N/A Range The value can contain 0 to 256 characters. Default Value N/A
standard	No	String	Definition Standard type. Constraints N/A Range cn_standard: DJCP MLPS compliance standard hw_standard: Cloud security practice standard cis_standard: general security standard Default Value N/A
statistics_scan_result	No	String	Definition Statistical result type. Constraints N/A Range pass: indicates that all the check items of the server are passed. failed: indicates that all the check items of the server fail to pass the check and are not processed. processed: processed, indicating that the server has check items that fail to pass the check and have been processed (ignored or whitelisted) by the server. Default Value N/A
check_rule_name	No	String	Definition Check item name. Fuzzy match is supported. Constraints N/A Range The value can contain 0 to 2,048 characters. Default Value N/A
severity	No	String	Definition Risk level. Constraints N/A Range Security Low Medium High Critical Default Value N/A
cluster_id	No	String	Definition Cluster ID. Constraints N/A Range The value can contain 0 to 64 characters. Default Value N/A
tag	No	String	Definition Baseline check item type. Constraints N/A Range The value can contain 0 to 256 characters. Default Value N/A
policy_group_id	No	String	Definition Policy group ID. If no value is assigned, all servers of the user are queried. If host_id exists, the value is invalid. Constraints N/A Range The value can contain 0 to 128 characters. Default Value N/A
statistics_flag	No	Boolean	Definition Whether to display data from the statistical dimension. Constraints N/A Range false: Do not display data from the statistical dimension. true: Display data from the statistical dimension. Default Value false

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Integer	Definition Total Risks Range 0 to 200,000
pass_num	Integer	Definition Number of passed check items Range 0 to 200,000
failed_num	Integer	Definition Number of failed check items Range 0 to 200,000
processed_num	Integer	Definition Number of handled check items. Range 0 to 200,000
data_list	Array of CheckRulesResponseInfo objects	Definition Data list.

**Table 5** CheckRulesResponseInfo
Parameter	Type	Description
tag	String	Definition Baseline check item type. Range The value can contain 0 to 256 characters.
check_rule_name	String	Definition Check item (rule) name. Range The value can contain 0 to 2,048 characters.
check_rule_id	String	Definition Check item ID. Range The value can contain 0 to 64 characters.
severity	String	Definition Risk level. Its value can be: Range Low Medium High
check_type	String	Definition Baseline type. The values for check_type and check_name are the same for Linux servers. For example, they can both be set to SSH or CentOS 7. For Windows servers, the values for check_type and check_name are different. For example, check_type can be set to Windows Server 2019 R2 or Windows Server 2016 R2. Range The value can contain 0 to 256 characters.
check_type_name	String	Definition Type name of the configuration check (baseline). Generally, the value is check_type + system baseline check \| application baseline check. Range The value can contain 0 to 256 characters.
standard	String	Definition Standard type. The options are as follows: Range cn_standard: DJCP MLPS compliance standard hw_standard: Cloud security practice standard cis_standard**: general security standard
host_num	Integer	Definition Number of affected servers, that is, the number of servers where the current baseline check is performed. Range The value range is 0 to 2,147,483,647.
failed_num	Integer	Definition Number of servers that fail the check and are neither ignored nor whitelisted. Range The value range is 0 to 2,147,483,647.
scan_time	Long	Latest check time (ms).
statistics_scan_result	String	Definition Check result statistics. Range pass: All the servers involved in this check item have passed the check. failed: Some servers involved in the check item fail to pass the check, and some servers are not handled (ignored or whitelisted). processed: Some servers involved in the check item fail to pass the check, but all the servers that fail to pass the check have been handled (ignored or whitelisted).
enable_fix	Integer	Definition Whether one-click fix is supported. Range 1: One-click fix is supported. 0: not supported
enable_click	Boolean	Definition Whether the Fix and Verify buttons of the check item are enabled. Range true: The buttons are enabled. false: The buttons are disabled.
cancel_ignore_enable_click	Boolean	Definition Whether an ignored check item can be clicked. Range true: The buttons are enabled. false: The buttons are disabled.
rule_params	Array of CheckRuleFixParamInfo objects	Definition Value range of a parameter that can be configured to fix a check item. This information is only returned for the parameters that can be configured to fix check items.

**Table 6** CheckRuleFixParamInfo
Parameter	Type	Description
rule_param_id	Integer	Definition Check item parameter ID. Range Value range: 0 to 10
rule_desc	String	Definition Check item parameter description. Range The value can contain 0 to 256 characters.
default_value	Integer	Definition Default values of check item parameters. Range The value range is 0 to 2,147,483,647.
range_min	Integer	Definition Minimum value of check item parameters. Range The value range is 0 to 2,147,483,647.
range_max	Integer	Definition Maximum value of check item parameters. Range The value range is 0 to 2,147,483,647.

Example Requests

This API is used to query the check items whose baseline name is SSH, check standard is cloud security practice standard, and enterprise project ID is xxx.

GET https://{endpoint}/v5/{project_id}/baseline/risk-config/SSH/check-rules?standard=hw_standard&enterprise_project_id=xxx

{
  "standard" : "hw_standard"
}

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 10,
  "pass_num" : 7,
  "failed_num" : 2,
  "processed_num" : 1,
  "data_list" : [ {
    "tag" : "Network configurations",
    "check_rule_name" : "Check Item",
    "check_rule_id" : "2.1",
    "severity" : "Low",
    "check_type" : "SSH",
    "check_type_name" : "SSH system baseline inspection.",
    "standard" : "hw_standard",
    "host_num" : 3,
    "failed_num" : 2,
    "scan_time" : 9223372036854775807,
    "enable_fix" : 1,
    "enable_click" : true,
    "cancel_ignore_enable_click" : true
  } ]
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Baseline Management

Previous topic: Querying the Password Complexity Policy Detection Report

Next topic: Exporting Configuration Check Reports Based on Query Results

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot